
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 223 13-1450 
www.uspto.gov 



APPLICATION NO 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



09/539,266 



03/30/2000 



Vipin Samar 



51067 7590 01/13/2006 

ORACLE INTERNATIONAL CORPORATION 
c/o A. RICHARD PARK 
2820 FIFTH STREET 
DAVIS, CA 95616-2914 



OR99-I7401 



8991 



EXAMINER 



ENGLAND, DAVID E 



ART UNIT 



PAPER NUMBER 



2143 

DATE MAILED: 01/13/2006 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Off/pp Art inn ^ummarv 


Application No. 

09/539,266 


Applicant(s) 

SAMAR, VIPIN 


Examiner 

David E. England 


Art Unit 

2143 





~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a), In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)[>3 Responsive to communication(s) filed on 13 October 2005 . 
2a)[E This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayte, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) El Claim(s) 1 - 10, 13 - 22 and 25 - 33 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 03 Claim(s) 1 - 70, 13- 22 and 25- 33 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)\J Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) □ Notice of References Cited (PTO-892) 

2) [H Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) O Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date . 



4) CD Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) CD Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 7-05) 



Office Action Summary 



Part of Paper No./Mail Date 20060106 



Application/Control Number: 09/539,266 
Art Unit: 2143 



Page 2 



DETAILED ACTION 

1. Claims 1 - 10, 13 - 22 and 25 - 33 are presented for examination. 

Claim Rejections -35 USC § 1 03 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Claims 1 - 5, 9, 13 - 17, 21 and 25 - 29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Devarakonda et al. (6424992) (hereinafter Devarakonda) in view of 
Kunzelman et al. (6041357) (hereinafter Kunzelman) in farther view of Davis et al (6367009) 
(hereinafter Davis) in further view of Haller et al. (6363363) (hereinafter Haller) and Davis et al. 
(6282522) (hereinafter Davis, V.). 

4. Referencing claim 1, as closely interpreted by the Examiner, Devarakonda teaches 
receiving a message from the client at a first server n the plurality of servers, the message 
including a session identifier that identifies a secure communication session with the client, (e.g. 
col. 3, lines 27 - 55 & col. 4, line 41 - col. 5, line 12); and 

5. if the session identifier does not correspond to an active secure communication session on 
the first server, establishing an active secure communication session with the client on the first 
server by, (e.g. col. 3, lines 27 - 55 & col. 4, line 41 - col. 5, line 12), 
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6. attempting to retrieve state information associated with the session identifier for an active 
secure communication session between the client and a second server from the plurality of 
servers by the first server, wherein the state information includes an encryption key used to 
encrypt communications between the client and the second server, (e.g. col. 4, line 29 - col. 5, 
line 12 & col. 9, lines 5-32), 

7. if the state information for the active secure communication session is not retrieved, 
communicating with the client to establish the active secure communication session with the 
client, (e.g. col. 3, lines 27 - 55 & col. 4, line 41 - col. 5, line 12), but does not specifically teach 
wherein the state information includes encryption key used to encrypt communications; 

8. if the state information for the active secure communication session is retrieved, using the 
state information including the encryption key to share the active secure communication session 
established between the client and the second server for subsequent communications between the 
client and the first server without having to set up a new secure communication session between 
the client and the first server; and 

9. wherein sharing the active secure communication session allows a single SSL session to 
be simultaneously shared by multiple servers. 

10. Kunzelman teaches wherein the state information includes an encryption key used to 
encrypt communications between the client and the second server, (e.g. col. 1, line 45 - col. 2, 
line 54); 

11. if the state information for the active secure communication session is retrieved, using the 
state information including the encryption key to share the active secure communication session 
established between the client and the second server for subsequent communications between the 
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client and the first server without having to set up a new secure communication session between 
the client and the first server, (e.g. col. 3, lines 33 -65, "session migration" & col. 4, lines 29 - 
63 & col. 5, line 38 - col. 6, line 13, "session token & authorized request"). It would have been 
obvious to one skilled in the art at the time the invention was made to combine the teaches of 
Kunzelman with Devarakonda because doing so, makes for a faster session between a user and 
multiple servers by not having to go through the steps of continually creating new session 
parameters and connection information for the same user accessing different servers, 

12. Davis teaches wherein the state information includes encryption key used to encrypt 
communications, (e.g. col. 2, lines 6 - 64). It would have been obvious to one skilled in the art at 
the time the invention was made to combine the teaches of Davis with the combine system of 
Devarakonda and Kunzelman because using a encryption key that is shared ensures that if there 
is an identical encryption key in queue to be used, it will discarded to ensure that there is only 
unique encryption keys in use to differentiate form other secure sessions communications 
between clients and servers. 

13. Haller teaches the use of encryption keys used to encrypt communications between the 
client and the server, (e.g., Figure 4 & col. 16, line 22 - col. 17, line 8, "public key, private key, 
random encryption key")\ 

14. encryption keys to share the active secure communication session established between 
the client and the server, (e.g., Figure 4 & col: 16, line 22 - col. 17, line 8, "public key, private 
key, random encryption key"). It would have been obvious to one skilled in the art at the time the 
invention was made to combine the teaches of Haller with the combine system of Devarakonda, 
Kunzelman and Davis because adding another encryption key to encrypt data would only further 
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secure the data so only privileged users with the ability to decrypt the data past the initial 
encryption can further decrypt the data to utilize what is sent. Furthermore adding more than one 
encryption key to data is only re-encrypting or duplicating what is already been encrypted, and 
since it has been held that mere duplications of the essential working parts of a device involves 
only routine skill in the art. St. Regis Paper Co. v. Bemis Co., 193 USPQ 8. 

15. Davis, V. teaches wherein sharing the active secure communication session allows a 
single SSL session to be simultaneously shared by multiple servers, (e.g., col. 23, lines 10 - 43). 
It would have been obvious to one skilled in the art at the time the invention was made to 
combine the teaches of Davis, V. with the combine system of Devarakonda, Kunzelman, Davis 
and Haller because utilizing the same secure session between servers could allow the server to 
communicate without a client's intervention or ability to decrypt messages between servers. 
Also, utilizing the same communication session between servers could provide a faster session 
because of the lack of extra sessions to establish between servers, 

16. Referencing claim 2, Devarakonda teaches attempting to retrieve the state information 
includes: 

17. attempting to use the session identifier to identify the second server in the plurality of 
servers that has an active secure communication session with the client that corresponds to the 
session identifier, (e.g. col. 4, line 58 - col. 5, line 12 & col. 9, lines 5 - 32); and 

18. attempting to retrieve the state information from the second server, (e.g. col. 4, line 58 - 
col. 5, line 1 2 & col. 9, lines 5 - 32). 
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19. Referencing claim 3, Devarakonda teaches attempting to retrieve the state information 
involves attempting to retrieve the state information from a centralized repository that is in 
communication with the plurality of servers, (e.g. col. 8, line 53 - col. 9, line 32). 

20. Referencing claim 4, Devarakonda teaches the centralized repository includes a database 
for storing the state information, (e.g. col. 3, line 27 - col. 5, line 12 & col. 8, line 53 - col. 9, 
line 32). 

21. Referencing claim 5, Devarakonda teaches establishing the active secure communication 
session involves establishing a secure sockets layer (SSL) connection with the client, (e.g. col. 3, 
lines 35 - 55). 

22. Referencing claim 9, Devarakonda teaches initially establishing an active secure 
communication session between the client and the second server, the active secure 
communication session being identified by the session identifier, (e.g. col. 4, line 58 - col. 5, line 
12 & col. 9, lines 5 -32). 

23. Claims 13 - 17, 21 and 25 - 29 are rejected for similar reasons as stated above. 



24. Claims 6, 7, 10, 18, 19, 22, 30, 31 and 33 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Devarakonda, Kunzelman, Davis, Haller and Davis, V. as applied to claims 1, 
13 and 25 above, and in further view of Fielder et al. (6105133) (hereinafter Fielder). 
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25. As per claim 6, Devarakonda teaches the state information includes: 

26. a session encryption key for the secure communication session, (e.g. col. 3, lines 35 - 
64); 

27. the session identifier for the secure communication session, (e.g. col. 7, line 56 - col. 8, 
line 34). Devarakonda and Kunzelman do not teach a running message digest for the secure 
communication session. Fielder teaches a running message digest for the secure communication 
session, (e.g. col. 2, line 60 - col. 3, line 42), It would have been obvious to one skilled in the art 
at the time the invention was made to combine Fielder with the combine system of Devarakonda, 
Kunzelman, Davis, Haller and Davis, V. because it would make the transferring of information 
more secure because of the functionality of running message digest adding a signature to identify 
and authenticate the sender and message of the transferred information. 

28. As per claim 7, Devarakonda, Kunzelman, Davis, Haller and Davis, V. do not teach using 
the message to update the running message digest; and 

29. checkpointing the updated running message digest to a location outside of the first server. 
Fielder teaches using the message to update the running message digest, (e.g. col. 2, line 60 - 
col. 3, line 42); and 

30. checkpointing the updated running message digest to a location outside of the first server, 
(e.g. col. 2, line 60 - col. 3, line 42). It would have been obvious to one skilled in the art at the 
time the invention was made to combine Fielder with the combine system of Devarakonda, 
Kunzelman, Davis, Haller and Davis, V. because it would be more efficient for the message to 
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update the running message digest so when a server with new information pertaining to state 
information occurs, the entire network will be able to access this information and utilize it in new 
secure data transfer, as appose to having to send a separate set of information to update the 
running message digest on each device, causing more traffic on the network. 

31. As per claim 10, Devarakonda, Kunzelman, Davis, Haller and Davis, V. do not teach 
attempting to retrieve the state information includes authenticating and authorizing the first 
server. Fielder teaches attempting to retrieve the state information includes authenticating and 
authorizing the first server, (e.g. col. 1, lines 31 - 44). It would have been obvious to one skilled 
in the art at the time the invention was made to combine Fielder with the combine system of 
Devarakonda, Kunzelman, Davis, Haller and Davis, V. because it would make a system more 
secure if the receiver of the information could be authorized to the information by authenticating 
the information that was sent from the first server. Furthermore, it would make the information 
more difficult for other system to try and access the information without having the 
authentication and authorized access to the information. 

32. Claims 18, 19, 22, 30, 31 and 33 are rejected for similar reasons as stated above. 

33. Claims 8, 20 and 32 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Devarakonda, Kunzelman, Davis, Haller and Davis, V. as applied to claims 1, 13 and 25 above, 
and in further view of Kennedy et al. (6134582). 
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34. As per claim 8, Devarakonda, Kunzelman, Davis, Haller and Davis, V. do not teach if the 
state information for the active secure communication session is retrieved, purging the state 
information from a location from which the state information was retrieved, so that the state 
information cannot be subsequently retrieved by another server in the plurality of servers. 
Kennedy teaches if the state information for the active secure communication session is 
retrieved, purging the state information from a location from which the state information was 
retrieved, so that the state information cannot be subsequently retrieved by another server in the 
plurality of servers, (e.g. col, 1, line 57 - col. 2, line 10), It would have been obvious to one 
skilled in the art at the time the invention was made to combine Kennedy with the combine 
system of Devarakonda, Kunzelman, Davis, Haller and Davis, V. because it would be more 
efficient for a system to free up space on a device that is no longer using that specific 
information on that particular device. 

35. Claims 20 and 32 are rejected for similar reasons as stated above. 

Response to Arguments 

36. Applicant's arguments filed 10/1 3/2005 have been fully considered but they are not 
persuasive, 

37. In the remarks, Applicant argues in substance that the combined system of Devarakonda, 
Kunzelman, Davis, Haller, and Davis V., either separately or in concert, which suggests sharing 
a single secure communication session between multiple servers, wherein the first server 
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attempts to retrieve state information associated with the session identifier for an active secure 
communication session between the client and a second server. 

38. As to part 1, the Examiner would like to draw the Applicant's attention to the newly 
added section cited in the prior art. Furthermore, in the claim language the Applicant states that 
"if the state information for the active secure communication session is not retrieved, 
communicating with the client to establish the active secure communication session with the 
client " yet the Applicant never states what is communicating with the client. 

Conclusion 

39. Applicant is invited to contact the Examiner to aid in prosecution and take care of any 
claim misinterpretations. 

40. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David E. England whose telephone number is 571-272-3912. 
The examiner can normally be reached on Mon-Thur, 7:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A. Wiley can be reached on 571-272-3923. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



David E. England 

Examiner 
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